Results 1 to 9 of 9
  1. #1
    New Lounger
    Join Date
    May 2002
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    security through vba (2000)

    Can I write code that tells Access to run as a certain user depending on the windows login? I know the API calls to get the Windows user name. Can I have it check and see if, for example, "Staff" is logged in to Windows, then run the DB as "Peon", and if "Admin" is logged in to Windows, then run DB as "DBA"?

  2. #2
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Newbury, Berkshire, UK, Berkshire, England
    Posts
    243
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security through vba (2000)

    I'd have thought not, as if you're in Access you've already logged in as a specific user, and I don't know of a way to change user except by exiting and logging back in.
    If I had to do it, I'd probably write a little VB front-end which ran Access with the appropriate command-line based on the current user id

  3. #3
    New Lounger
    Join Date
    May 2002
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security through vba (2000)

    Sounds like a good idea. Any idea what that command line might be? Or where I might find it?

  4. #4
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Newbury, Berkshire, UK, Berkshire, England
    Posts
    243
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security through vba (2000)

    You can try http://support.microsoft.com/default.aspx?...b;EN-US;q105128
    In particular
    In Microsoft Access 1.x, 2.0, 7.0, and 97:
    <database> Opens the specified database.
    /Excl Opens the database for exclusive access.
    /Ro Opens the database for read-only access.
    /User <user name> Starts Access using the specified user name.
    You'll be prompted for the path to Msaccess.exe.
    /Pwd <password> Starts Access using the specified password.
    You'll be prompted for the path to Msaccess.exe.
    /X <macro> Starts Access and runs specified macro.
    /Cmd Specifies what value to pass to the Command
    function in an Access Basic procedure that is
    called by a RunCode action in an AutoExec macro.
    This option must be the last option on the command
    line.

    so I think the /User might be the one you are looking for

  5. #5
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: security through vba (2000)

    May I point out that you have to hard code the username and password somewhere in order to do this, which sort of eliminates the notion of "security".
    Charlotte

  6. #6
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Newbury, Berkshire, UK, Berkshire, England
    Posts
    243
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security through vba (2000)

    Very valid point Charlotte <img src=/S/thumbup.gif border=0 alt=thumbup width=15 height=15>

  7. #7
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Edmonton, Alberta, Canada
    Posts
    326
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security through vba (2000)

    How about combining what was suggested (re the /user and /pwd options) with code in the database that compares Currentuser() with the network logon id and quits if they don't match? That way if people find out the Access password (from the /pwd option) they still won't be able to use the database.

  8. #8
    New Lounger
    Join Date
    May 2002
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security through vba (2000)

    Yes, but I don't require a password for this shortcut because it opens as a read-only user. The only way to get in as an Admin is to know my password and, and this is the new problem, be using my computer. I figured out that by taking Admin out of the Admins group and giving Admin The User nothing but read permissions, I have solved my basic problem of keeping other people out of my design. But what happens if my machine dies? How can I get administrative access from another machine? Do I have to put the same workgroup information file on everyone else's machine or something? My boss hates that idea so I'd rather not. I feel like there is something very basic I am missing here. I'm sorry if this is a dumb question. I've tried adding a user on another machine with the same login and personal ID as mine, but that didn't work. Should I just make an unsecured copy of the database and store it in a secure folder on the server? Is there no other way? Thanks for any further help you can offer.
    -Daren

  9. #9
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: security through vba (2000)

    I'm afraid you are going to have to link to a common system.mdw file, or deploy that file to each of the workstations if you want to make your development reasonably secure. The problem is that permissions are stored in the database, but passwords, groups, users and user membership in groups are stored in the system.mdw file. There is a white paper that has been referenced in a number of recent posts that describes the 15 or so steps you really need to take to secure a database - be sure an look at it to better understand the security model for Access. Most of the advanced textbooks (Access Developer's Handbook for example) have a decent section on using security. How many users are you dealing with? If it's quite a few, you might consider SQL Server as your back-end. It uses integrated security so you see the person's Windows login if you capture the user name as a default or with triggers.
    Wendell

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •